user login system cookie based over ssl

Question

i created user login system and with this function i start sessions

function sessionStart() {
    $session_name = 'sec_session_id'; // Set a custom session name
    $secure = false; // Set to true if using https.
    $httponly = true; // This stops javascript being able to access the session id. 

    ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
    $cookieParams = session_get_cookie_params(); // Gets current cookies params.
    session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
    session_name($session_name); // Sets the session name to the one set above.
    session_start(); // Start the php session
    session_regenerate_id(true); // regenerated the session, delete the old one. 
}

i use sessions cookie just as you can see in function which i menotioned above i store this sessions in memcached to boost up my operation.now i need to create a cookie which store user data in it.for example i need user id then i store user id in cookie like this

setcookie('userid','1234',time()+240000)

and after that i need user password and username in case of keep user logged in.but i know i should not keep password in cookie.if not keeping password in cookie when our server crashes because of using memcache we will loose all users session.am i right?then how should i keep user logged in..please just explain.no need to bother yourself to writing code.

thanks in advance

Answer 1

I suggest you to keep your client logged-in data in a SQL database and give the SQL row a random salt + hash and then assign that hash to a cookie. Then you just fetch the info from the database each time.